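<?php
session_start();

include("config.php");

// View flags read by the template further down the page:
//   $form    - 1 while the password form must still be shown, 0 once the update succeeded
//   $session - 1 when a logged-in session exists, 0 otherwise
$form = 1;
$session = 1;

if (isset($_SESSION['pseudo']))
{
	$link = mysql_connect('localhost', DB_USER_NAME, DB_PASSWORD) or die("Cannot join database");
	mysql_select_db(DB_NAME, $link);

	// Only process the form when it was actually submitted.
	// NOTE(review): this request changes a credential but carries no anti-CSRF token and
	// does not ask for the current password. Both checks need matching changes in the form
	// markup, so they are flagged here rather than added.
	if (isset($_POST['password']))
	{
		$password = $_POST['password'];
		$confirmation = isset($_POST['password1']) ? $_POST['password1'] : '';

		// Both fields must be non-empty strings. PHP turns bracketed field names into arrays,
		// which sha1() cannot hash, and empty() would also reject the valid password "0".
		if (!is_string($password) || !is_string($confirmation) || $password === '' || $confirmation === '')
		{
			$erreur = 1;
			echo "Empty fields are not allowed <br>";
		}
		else
		{
			// Strict comparison: with == two different numeric-looking strings
			// ("1e3" and "1000") are treated as equal.
			if ($password === $confirmation)
			{
				// NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password storage.
				// It is kept because the login check (not visible here) presumably compares
				// against the same format; move both to password_hash()/password_verify() together.
				$hash = sha1($password);

				// The session value is escaped before it enters the SQL string. ext/mysql has no
				// prepared statements and was removed in PHP 7; migrating to PDO or mysqli with
				// bound parameters is the durable fix.
				$pseudo = mysql_real_escape_string($_SESSION['pseudo'], $link);
				$requete = "UPDATE user SET password='" . $hash . "' WHERE pseudo='" . $pseudo . "'";

				$result = mysql_query($requete, $link);

				// Report success only when the query actually ran; the driver error is not
				// shown to the user.
				if ($result !== false)
				{
					echo "Your password has been succesfully updated <br>";
					$form = 0;
				}
				else
				{
					echo "Your password could not be updated <br>";
				}
			}
			else
			{
				echo "Password entered doesn't match <br>";
			}
		}
	}

	mysql_close($link);
}
else
{
	// No authenticated session: the template shows the "must be connected" message.
	$session = 0;
}
?>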

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" >
	<head>
		<title>Life Stream - Member</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
	</head>
   
	<body>		
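		<?php
		// Renders the password form for a logged-in user, or a notice when there is no session.
		// $session and $form are set by the request handler at the top of this file.
		if ($session)
		{
			if ($form)
			{
				// The pseudo is escaped for the HTML context before being echoed; the charset
				// argument matches the iso-8859-1 encoding declared in the page's <meta> tag.
				echo "Welcome " . htmlspecialchars($_SESSION['pseudo'], ENT_QUOTES, 'ISO-8859-1') . "<br>";
				?>
				Your datas:<br />
				<form method="post" action="update_password.php">
				<p>Password: <input type="password" name="password" /></p>
				<!-- type="password" needs both quotes: a malformed type value makes browsers fall back to a plain text field, showing the confirmation in clear -->
				<p>Confirm password: <input type="password" name="password1" /></p>
				<p><input type="submit" value="Valider" /></p>
				</form>
				<?php
				// Full open tag above: the short form is only parsed when short_open_tag is enabled.
			}
		}
		else
		{
			echo "You must be connected<br>";
		}
		?>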
	
	</body>
</html>
